One of the internal controls that SOX is interested in auditing is the source code access process. This falls under one or two of the IT internal controls.

SOX Audit

To pass the required tests, the company must provide a source code access process that requires the owner of the code to approve access before granting it.

It also requires that only approved developers have write access to the source code and that those same developers do not have access to the application in production.

In addition, it requires a review, usually semi-annual, of the access to the code and an audit trail of this review.

If you can provide this evidence, you can pass this internal control test.

Evidence

Prove there is a process for granting source control access
Provide regular access review to source code
Show how the process works
Provide user access lists

Sample SVN Access File

[groups]
dev = mit\mjb, mit\bjl, umn\tjd
scm = mit\dearking, umn\stixrud

[/]
@dev = rw

[/admin/svn_access]
@scm = rw

Links

SOX Source Code - Best Practices

Future SCM

SCM Tools have evolved from simple checkin and checkout tools to fully encompassing ALM products.

In addition to source code control, these tools now encapsulate change control, software builds, project management, item/defect tracking, and fully automated testing capabilities.

What direction will SCM take in the future?

Make Your Opinion Known!

Take our SCM Salary Survey

This is a collection salaries of SCM Professionals of different backgrounds, education, experiences and locations

Please add your information to the collection

To Participate

SCMWise.com Blog great free widgetsWidgetbox

August 2009
March 2009
August 2008

Survey of SCM Salaries

What are other SCM Professionals making?

Interested???

SCM